On Thu, Mar 25, 2004 at 01:34:03PM -0500, Charles Gregory is rumored to have said: > > I am seeing bogus received headers like the following. We are 'hwcn.org', > of course, but the inside the parentheses domain is not hwcn.org related. > I believe this means they have tried to 'HELO' as hwcn.org, but RDNS found > their real domain name?
Yep, it's a faked helo. I just added a couple of acls to our exim config to 550 any server using a HELO or EHLO of either our domain name or our server's IP address. Almost 350 rejects so far (~14 hours). Looking through the logs, they're almost all from cable or dsl customers. Ya think it was spammers using hijacked machines? Nahh.. -- "He would make a lovely corpse." - Charles Dickens (1812-1870)
